
XACML frame extension system and method for network access control system

A network access control technology, applied in the computer field, that addresses problems such as complex policy rule instances and low conflict detection efficiency, and achieves consistent access results, improved accuracy, and reduced complexity.

Inactive Publication Date: 2014-07-02
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

The disadvantage of this patented technology is that when a network access control system has a large number of users and resources, and a large number of access control rules must be formulated, formalizing the attributes in each rule is too complicated and the generated policy index tree becomes very large, so conflict detection efficiency is very low.
The disadvantage of this method is that description logic lacks sufficient descriptive power to support the semantics of access control rules. When an access control system must control the access of authorized users with multiple attributes and needs fine-grained access control rules, describing the policy rule instances in description logic so as to ensure the correct access of those users becomes complex.
[0005] To sum up, the existing technology formalizes the established XACML policy rules and then performs conflict detection. Because the formal methods are complex, they are only suitable for detecting conflicts among a small number of access control rules. When they are used to detect conflicts among a large number of access control rules, detection efficiency is very low and conflicts are easily missed, which can lead to inconsistent permissions being granted to users and to illegal access by unauthorized users.
Because description logic lacks sufficient descriptive power to support the semantics of access control rules, when an access control system needs to make decisions based on multiple attributes of users, fine-grained access control rules cannot be described with description logic. Conflicts between fine-grained access control rules therefore cannot be detected, which can easily lead to the leakage of permissions in the network access control system.


Embodiment Construction

[0041] The present invention will be further described below in conjunction with the accompanying drawings.

[0042] Referring to Figure 1, the system of the present invention extends the policy management point (PAP) in the eXtensible Access Control Markup Language (XACML) framework: it performs conflict detection and conflict resolution on the access control results and generates conflict-free XACML policy rules. The policy decision point (PDP) in the XACML framework is thereby provided with conflict-free policy rules for decision-making, which improves the accuracy of access decisions in the access control system, ensuring the correct access of authorized users in the network access control system while denying access to unauthorized users. The system includes an ontology construction module 1, a rule formulation module 2, a rule reasoning module 3, a consistency detection module 4 and a policy...


Abstract

The invention discloses an XACML frame extension system and method for a network access control system. The system is composed of an ontology construction module, a rule formulation module, a rule reasoning module, a consistency detection module and a policy rule generation module. The method comprises the following steps: first, the ontology construction module builds an ontology; second, the rule formulation module formulates rules; third, the rule reasoning module generates access control results; fourth, the consistency detection module detects whether conflicts exist between the access control results; fifth, the rule formulation module formulates a conflict elimination rule, and the rule reasoning module generates the access control results of the conflict elimination rule; sixth, the consistency detection module detects whether the conflict has been eliminated; seventh, the policy rule generation module generates an eXtensible Access Control Markup Language (XACML) policy rule. Because conflict detection is performed on the access control results, the system and method have the advantages of high detection efficiency and automation.
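The seven steps above, sketched as an added example that is not taken from the patent: all names, the sample subjects and rules, and the per-request override used as the conflict elimination rule are assumptions, a flat attribute dictionary stands in for the ontology, and the emitted XML is a skeleton rather than schema-complete XACML.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample data; a flat attribute dict stands in for the ontology.
SUBJECTS = {
    "alice": {"role": "doctor", "dept": "cardiology"},
    "bob": {"role": "doctor", "dept": "billing"},
    "carol": {"role": "nurse", "dept": "cardiology"},
}
# (rule id, required subject attributes, resource, action, effect)
RULES = [
    ("r1", {"role": "doctor"}, "patient-record", "read", "Permit"),
    ("r2", {"dept": "billing"}, "patient-record", "read", "Deny"),
    ("r3", {"role": "nurse"}, "patient-record", "read", "Permit"),
]

def infer(rules, subjects=SUBJECTS):
    """Rule reasoning: expand attribute rules into concrete access results."""
    results = defaultdict(dict)  # (subject, resource, action) -> {rule id: effect}
    for rid, cond, res, act, effect in rules:
        for name, attrs in subjects.items():
            if all(attrs.get(k) == v for k, v in cond.items()):
                results[(name, res, act)][rid] = effect
    return dict(results)

def conflicts(results):
    """Consistency detection: requests that are both permitted and denied."""
    return {k: v for k, v in results.items() if len(set(v.values())) > 1}

def eliminate(results, overrides):
    """Conflict elimination (assumed form): an override fixes one request's effect."""
    fixed = {k: dict(v) for k, v in results.items()}
    for key, effect in overrides.items():
        fixed[key] = {"elimination": effect}
    return fixed

def to_xacml(results):
    """Policy rule generation: refuse to emit rules while conflicts remain."""
    if conflicts(results):
        raise ValueError(f"unresolved conflicts: {sorted(conflicts(results))}")
    policy = ET.Element("Policy", PolicyId="generated")
    for (subj, res, act), effects in sorted(results.items()):
        effect = next(iter(effects.values()))
        rule = ET.SubElement(policy, "Rule", RuleId=f"{subj}-{res}-{act}", Effect=effect)
        ET.SubElement(rule, "Description").text = f"{subj} may {act} {res}: {effect}"
    return ET.tostring(policy, encoding="unicode")
```

Detection runs over the inferred results per request rather than over pairs of rule definitions, which is the property the abstract credits for its efficiency.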

Description

Technical field

[0001] The invention belongs to the technical field of computers, and further relates to an eXtensible Access Control Markup Language (XACML) frame extension system and method in the technical field of computer network security. The invention can be used for conflict detection and conflict resolution of access control results in a network access control system, and generates XACML policy rules to ensure the correct access of authorized users in the network access control system and to deny access to unauthorized users.

Background

[0002] XACML, released by OASIS, can define fine-grained access control rules through various attribute types, but fine-grained attributes can easily lead to policy rule conflicts. Several conflict resolution algorithms are given in XACML to avoid the impac...


Application Information

IPC(8): H04L29/06
Inventor: 马文平, 陆亚红
Owner: XIDIAN UNIV